HackerTrans
TopNewTrendsCommentsPastAskShowJobs

edf13

no profile record

Submissions

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
2 points·by edf13·26 giorni fa·0 comments

Mythos Proves AI Safety Can No Longer Live Inside the Model

grith.ai
3 points·by edf13·28 giorni fa·0 comments

The Risk Isn't Rogue AI. It's Plausible AI

grith.ai
2 points·by edf13·30 giorni fa·0 comments

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
3 points·by edf13·2 mesi fa·2 comments

AI Makes Adding Features Faster – So Why Not Add Just One More?

grith.ai
2 points·by edf13·2 mesi fa·0 comments

Vibe Coding Still Needs a Senior Engineer (For Now)

grith.ai
5 points·by edf13·2 mesi fa·1 comments

Five AI Agent Failures in 36 Days. Zero Times the Agent Caught It

grith.ai
3 points·by edf13·2 mesi fa·1 comments

The Vercel Breach Needed Malware. The Next One Needs a Bad Readme

grith.ai
1 points·by edf13·3 mesi fa·3 comments

Every Claude 4.7 Improvement Makes the Security Problem Worse

grith.ai
5 points·by edf13·3 mesi fa·1 comments

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
4 points·by edf13·3 mesi fa·0 comments

They Hacked Claude, Gemini, and Copilot (and No One Told You)

grith.ai
3 points·by edf13·3 mesi fa·0 comments

Prompt Injection Is Unfixable (So We Stopped Trying)

grith.ai
4 points·by edf13·3 mesi fa·1 comments

If Your AI Agent Ran NPM Install During the Axios Attack, You're Compromised

grith.ai
5 points·by edf13·3 mesi fa·0 comments

Zero Ambient Authority: The Principle That Should Govern Every AI Agent

grith.ai
3 points·by edf13·3 mesi fa·0 comments

Alibaba's AI Agent Hijacked GPUs and Dug Reverse SSH Tunnels

grith.ai
3 points·by edf13·4 mesi fa·0 comments

Claude now decides what's safe to run – a UX improvement, not a security fix

twitter.com
3 points·by edf13·4 mesi fa·0 comments

AI agents are now deciding what's safe to run (Claude Auto Mode)

grith.ai
3 points·by edf13·4 mesi fa·0 comments

The Trivy Supply Chain Attack Reached LiteLLM

grith.ai
3 points·by edf13·4 mesi fa·1 comments

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
1 points·by edf13·4 mesi fa·0 comments

Meta's Rogue AI Agent Gave Engineers Access They Shouldn't Have Had

grith.ai
3 points·by edf13·4 mesi fa·0 comments

comments

edf13
·mese scorso·discuss
Odd… UK visitor and I get:

Website Not Allowed “⁦‪prismml.com‬⁩” is a restricted website.
edf13
·2 mesi fa·discuss
Exactly - the flow of AI assistance makes it so much easier to get caught in the one more feature trap!
edf13
·2 mesi fa·discuss
[dead]
edf13
·2 mesi fa·discuss
Most of the AI-security discourse (and most of my posts) right now is about prompt injection and agent hijacking. But there are still the move-fast-break-things issues that are exacerbated with agentic coding/vibe coding...

I reviewed a colleague's vibe-coded internal tool last week, found 28 security issues, and none of them were that kind of bug - they were the same classic stuff juniors have always shipped, just produced at much higher throughput.

Wrote it up because the "senior engineer review" step quietly disappeared from a lot of AI-assisted workflows, and the bugs that step used to catch are still there (We are still needed!).
edf13
·2 mesi fa·discuss
Ha ha... yes... that brings back memories!
edf13
·2 mesi fa·discuss
My first was this monster:

https://en.wikipedia.org/wiki/Microsoft_Visual_SourceSafe
edf13
·3 mesi fa·discuss
Manually review the package and override the setting
edf13
·3 mesi fa·discuss
Anyone know of a similar tool to conductor for Linux?
edf13
·3 mesi fa·discuss
Hand written I’m afraid… regular comments on this topic is true - it’s an area I’m very interested in.
edf13
·3 mesi fa·discuss
Yes, true ;)
edf13
·3 mesi fa·discuss
We are Open Source… code will be published soon (before launch)
edf13
·3 mesi fa·discuss
[flagged]
edf13
·3 mesi fa·discuss
Yes, fair point.

Feedback accepted, thanks!
edf13
·3 mesi fa·discuss
[dead]
edf13
·3 mesi fa·discuss
Related: https://news.ycombinator.com/item?id=47803847
edf13
·3 mesi fa·discuss
Seems to be a very regular occurrence starting around this time of day (14:30 UTC)...

Claude Code returning: API Error: 500 {"type":"error","error":{"type":"api_error","message":"Internal server error"},"request_id":"---"}

Over and over again!
edf13
·3 mesi fa·discuss
[dead]
edf13
·3 mesi fa·discuss
Building grith (grith.ai) - a security proxy for AI coding agents enforced at the OS syscall level.

The problem: agents like Claude Code, Codex, and Aider execute file reads, shell commands, and network requests with your full system privileges.

For example, when a malicious README tells the agent to read ~/.ssh/id_rsa and POST it somewhere, nothing in the agent's own trust model catches it. Auto Mode makes this worse - it asks the model to audit its own actions, so a prompt injection that corrupts the reasoning also corrupts the permission layer.

grith wraps any CLI agent with `grith exec -- <agent>`. Every syscall passes through a multi-filter scoring engine before it executes. Deterministic, ~15ms overhead, no LLM reasoning in the permission path. Linux now, macOS/Windows coming. AGPL, open-core.

Two weeks ago a DPRK-linked attacker backdoored axios on npm (400M monthly downloads). The RAT executed 1.1 seconds into npm install. AI agents run npm install autonomously, without human review. If yours ran it during the 3-hour window, you're compromised and nobody told you.

That's the threat model grith is built for.
edf13
·3 mesi fa·discuss
> And really, for what?

Readership, clicks and views
edf13
·3 mesi fa·discuss
[dead]